3CX VOIP Compromised & Supply Chain Threat

https://j-h.io/flare-systems || Track down any information leaks or cyber threat intelligence with Flare Systems, try a free trial and uncover your exposed attack surface! https://j-h.io/flare-systems

Resources & References surrounding the 3CX exploitation:

CrowdStrike’s original Reddit reporting
https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
CrowdStrike’s formal blog post
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Todyl’s reporting https://www.todyl.com/blog/post/threat-advisory-3cx-softphone-telephony-campaign
SentinelOne’s reporting
https://s1.ai/smoothoperator
Discussion on the 3CX forum and public bulletin board
https://www.3cx.com/community/threads/threat-alerts-from-sentinelone-for-desktop-update-initiated-from-desktop-client.119806/post-558710
https://www.3cx.com/community/threads/3cx-desktop-app-vulnerability-security-group-contact.119930/
https://www.3cx.com/community/threads/crowdstrike-endpoint-security-detection-re-3cx-desktop-app.119934/#post-558726
3CX CEO first official notification
https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/#post-558907
Nextron System’s Sigma and YARA rules for detection
https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar
Unofficial OTX AlientVault Pulse
https://otx.alienvault.com/pulse/64249206b02aa3531a78d020 …

3cx amp blog blog post board ceo commentary compromised crowdstrike detection exploitation forum huntress kevin kevin beaumont mac notification official patrick wardle public pulse reddit reporting resources rules sentinelone sigma supply supply chain system threat voip wardle yara yara rules